10.23.08

Squid as a Transparent Proxy on a stand-alone machine

Posted in Ubuntu at 4:24 am by Michael

A buddy of mine had trouble getting Squid to work as a transparent proxy on a stand-alone machine.  He installed Ubuntu and Squid and configured them according to the directions, but the usual transparent-proxy iptables rules assume the box is a router: they live in the PREROUTING chain, which only sees traffic forwarded from other hosts.  Browser traffic generated on the machine itself passes through the nat OUTPUT chain instead, and once you redirect port 80 there you also have to exempt Squid’s own outbound fetches (Squid runs as the proxy user on Ubuntu), or they get sent straight back into Squid and loop.  Here are the iptables rules that fixed his problem. Use them in place of the ones the howto gives.

iptables -t nat -A OUTPUT -p tcp -m tcp --dport 80 -m owner --uid-owner proxy -j ACCEPT
iptables -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j DNAT --to-destination 127.0.0.1:3128
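The order of those two rules matters: if the DNAT came first, Squid’s own port-80 fetches would be redirected back into Squid. The script below is an added example, not part of the original post, that checks a saved nat table for exactly that. It assumes the Debian/Ubuntu convention that Squid runs as user proxy (iptables-save prints the uid numerically, 13 on those systems, so both spellings are accepted), and the two dumps inside it are constructed for the test rather than captured from a real machine.

```shell
#!/bin/sh
# Added example: sanity-check an `iptables-save -t nat` dump for the stand-alone
# transparent-proxy rules. Two things must hold in the nat OUTPUT chain:
#   1. a rule exempting squid's own user ("proxy", uid 13 on Debian/Ubuntu) from the redirect
#   2. that exemption must come BEFORE the DNAT to 127.0.0.1:3128; otherwise squid's
#      upstream fetches on port 80 are sent back into squid and the request loops.

# Constructed sample dumps for testing, not captured from a real machine.
GOOD_DUMP='*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A OUTPUT -p tcp -m tcp --dport 80 -m owner --uid-owner 13 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -j DNAT --to-destination 127.0.0.1:3128
COMMIT'

LOOPING_DUMP='*nat
:OUTPUT ACCEPT [0:0]
-A OUTPUT -p tcp -m tcp --dport 80 -j DNAT --to-destination 127.0.0.1:3128
-A OUTPUT -p tcp -m tcp --dport 80 -m owner --uid-owner proxy -j ACCEPT
COMMIT'

# check_proxy_nat DUMP_TEXT -> prints "ok" and returns 0, or prints the problem and returns 1
check_proxy_nat() {
    printf '%s\n' "$1" | awk '
        /^\*nat/  { in_nat = 1; next }
        /^COMMIT/ { in_nat = 0 }
        in_nat && /^-A OUTPUT / {
            n++                                   # position of this rule in the chain
            if (!exempt && /--uid-owner (proxy|[0-9]+)/ && /-j ACCEPT/) exempt = n
            if (!dnat && /--dport 80 / && /-j DNAT --to-destination 127\.0\.0\.1:3128/) dnat = n
        }
        END {
            if (!exempt)       { print "missing proxy-user exemption"; exit 1 }
            if (!dnat)         { print "missing DNAT to 127.0.0.1:3128"; exit 1 }
            if (exempt > dnat) { print "exemption is after the DNAT: squid would loop"; exit 1 }
            print "ok"
        }'
}

# Typical use on the box itself (needs root):
#   check_proxy_nat "$(iptables-save -t nat)"
```

Run it after applying the rules, and again after any reboot or firewall-script change; a rule that drifted below the DNAT shows up as a proxy that hangs on every page rather than as an obvious error.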

This is the first step toward a “safe” web-surfing machine for kids.  Squid does the transparent proxying (it has to be listening in transparent mode for this to work; with the Squid versions of this era that is the transparent option on the http_port line), and it’s dansguardian that actually filters content you might not want your kids to see.  Keep the limits in mind, though: these two rules intercept only TCP port 80, so HTTPS and anything on other ports goes straight out uninspected, and anyone who can get root on the box can simply flush the rules.  There is a lot of documentation listed on the site on how to configure the various pieces, but nothing that showed how to configure iptables for a stand-alone machine.

08.25.07

How to fix SSH Timeouts

Posted in Ubuntu, Linux at 2:00 am by Michael

If you’re like me you use ssh quite a bit throughout your day. I have had problems with ssh timing out on me after just 5 or 10 minutes for a long time now. I recently got fed up with it and decided to find a solution. It turns out that the problem wasn’t really ssh or even the shell. The problem was router NAT tables. You see most routers will close an idle connection that is being translated to save space in the tables. Normally I would say this is great, but for ssh, where sometimes I will leave it logged in yet idle, this was frustrating. I did some searching and found an option that made this problem go away.

All you have to do is edit the file /etc/ssh/sshd_config and add one line:

ClientAliveInterval 300

That’s it. Put that line in your sshd_config file (if the file already has an uncommented ClientAliveInterval line, change that one instead: sshd uses the first occurrence of a keyword, so a second copy at the bottom is silently ignored), save it, check it with sudo sshd -t, and then restart ssh with sudo /etc/init.d/ssh restart. Sessions that are already open keep their old settings; reconnect to pick up the new one. With this option sshd sends a keepalive request inside the encrypted channel every 5 minutes when the connection is idle. That keeps the router from expiring the NAT entry, and you can happily idle as long as you need to. It also works the other way: the client has to answer, and after ClientAliveCountMax unanswered probes (3 by default, so 15 minutes here) sshd drops the connection, which cleans up sessions whose client has really gone away. If you don’t control the server, the client-side equivalent is ServerAliveInterval in ~/.ssh/config. This option should be used with care; it’s never a good idea to leave a login session open on a computer that is not secure. As long as you aren’t lazy and don’t leave your computer unattended where someone could use your session, you should be safe. Never, ever, ever leave yourself logged in as root on a server for longer than absolutely necessary. This is just plain common sense, but I can’t stress it enough. I have seen too many “pranks” played on people who did this out of pure laziness. Whenever you are using root, do what you have to do and exit the shell. If you want to stay idle, do it as an unprivileged user.
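Because sshd honours only the first occurrence of a keyword, and anything below a Match line applies conditionally, blindly appending to the bottom of the file can leave you believing the keepalive is on when it is not. The following is an added example, not code from the original post: a small POSIX shell helper that sets a directive the way sshd actually reads the file, replacing the first active occurrence or inserting before the first Match block, plus a second function that reports the value sshd will really use. File names and the sample configuration in the test are made up for illustration.

```shell
#!/bin/sh
# Added example: set a directive in sshd_config the way sshd reads the file.
# sshd uses the FIRST uncommented occurrence of a keyword, keywords are case-insensitive,
# and lines after a "Match" header are conditional, so the global setting must land
# before the first "Match". Appending at the bottom does not satisfy either rule.

# set_sshd_option FILE KEYWORD VALUE
set_sshd_option() {
    file=$1 key=$2 value=$3
    tmp=$(mktemp) || return 1
    awk -v key="$key" -v value="$value" '
        # end of the global section: insert the directive before the first Match block
        tolower($1) == "match" && !done { print key " " value; done = 1 }
        # first active occurrence of the keyword: replace it in place
        tolower($1) == tolower(key) && !done { print key " " value; done = 1; next }
        { print }
        END { if (!done) print key " " value }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps the file owner and mode (mv would not)
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# effective_sshd_option FILE KEYWORD -> the global value sshd will use, or nothing if unset
effective_sshd_option() {
    awk -v key="$2" '
        tolower($1) == "match"      { exit }           # anything after this is conditional
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# Typical use (as root), then validate before restarting so a typo cannot lock you out:
#   set_sshd_option /etc/ssh/sshd_config ClientAliveInterval 300
#   sshd -t && /etc/init.d/ssh restart
```

Running sshd -t before the restart is the part people skip; a malformed sshd_config stops sshd from starting at all, and if you are working remotely that is the end of the session.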

Having ssh timeout when you are not quite done working but still idle for whatever reason can be really annoying. This small fix should make things much more bearable for people that work like I do. I’m glad I finally took the time to research this issue, and I share it here so that others can learn from my discoveries. Enjoy.

07.09.07

Installing Feisty Fawn (Ubuntu 7.04) Server Edition on Parallels 3

Posted in Mac, Parallels Desktop, Ubuntu at 5:32 am by Michael

I had some major issues again using the Server Edition of Ubuntu 7.04 to install a new virtual machine in Parallels 3. Ubuntu Server seems to have some things enabled in the server kernel that Parallels just doesn’t like. I also ran into a problem trying to use more than 512 megs of ram for the virtual machine. Hopefully this gets sorted out in the next update to Parallels, since I prefer to use 768 megs of ram for my virtual machine.

I used the latest version of the Ubuntu Server iso to install. I am assuming anyone using this install method is at least an intermediate Linux user, so I’m not going to hold your hand too much. I am using Parallels 3 build 4128, and have done this install successfully 5 times now. I configure the virtual machine with 5 gigs of hdd space and 512 megs of ram. I run through the server install as normal, choosing the “install to hard drive” option at boot. The screens are pretty easy to handle; the hardest part is partitioning the drive, and you can just choose the “guided” option for that if you aren’t as picky as I am. As a note, anything over 3 gigs of space should work for a virtual machine; I happen to use 5 gigs so I have some room to play with, and I have a linux server I can connect to over the network if I need more space than that.

Once the install finishes it will prompt you to reboot. Allow it to reboot but press the stop button on the virtual machine once it starts to load grub. Then go to Edit->Virtual Machine on the Parallels menu. On the virtual machine configuration editor, choose Options on the left, then click the “Booting” tab on the right. Look for the “Boot Sequence” section and select “CD-ROM, Hard Disk, Floppy” so it will boot from the iso again. This is important because you want the virtual machine to boot from the cdrom so you can get a shell and install the generic kernel instead of the server kernel. After you’ve changed the boot sequence setting, click “OK” and then boot the virtual machine with the green play button.

At this point Parallels should boot the cd again. Choose “Rescue a broken system” from the menu and hit Enter. It should boot into rescue mode, where it will ask you a couple of questions, similar to the install process. If you’re in the US and using English, you can pretty much just press Enter at every prompt until it asks about disks. On a guided or typical Ubuntu install under Parallels the root filesystem should be /dev/sda1. Choose that one, and hit Enter. On the next screen select “Execute a shell in /dev/sda1”.

Once you are at a shell, verify you have network by sending a ping to google or yahoo. You can’t do these next steps without your network working, since we’ll be using the network to update and install packages. We start with an update and upgrade, to get all the newest versions of installed packages.

aptitude update && aptitude -y upgrade

After this is complete, you want to install the generic kernel.

aptitude -y install linux-generic linux-image-generic

If everything goes smoothly and you have a decent internet connection, this process should take less than 20 minutes. After that, remove the packages for the server kernel, but only once the new generic image shows up as installed in the listing below; if the generic install failed for any reason, removing the server kernel leaves you with nothing to boot.

dpkg -l | grep linux-image

This will show you the exact version of the server image you have installed. Use it in the next command for the last package if your version isn’t the same as mine.

aptitude remove linux-server linux-image-server

aptitude remove linux-image-2.6.20-15-server
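Picking the server-kernel package names out of dpkg -l by eye is where this goes wrong on the fifth repetition. The function below is an added example, not from the original post: it derives the removal list from dpkg -l output and refuses to print anything unless a versioned generic image is already installed, so the rescue shell can never be talked into deleting the only kernel. The two dpkg listings in it are constructed for the test (package versions are made up) rather than copied from a real machine.

```shell
#!/bin/sh
# Added example: choose the server-kernel packages to remove from `dpkg -l` output,
# but refuse unless a generic kernel image is actually installed. Removing the only
# installed kernel leaves a VM that will not boot, and the rescue shell will not warn you.

# Constructed sample listings (versions are made up), not real dpkg output.
SAMPLE_DPKG='ii  linux-generic                 2.6.20.15.27  Complete Generic Linux kernel
ii  linux-image-2.6.20-15-generic 2.6.20-15.27  Linux kernel image for version 2.6.20 on x86/x86_64
ii  linux-image-2.6.20-15-server  2.6.20-15.27  Linux kernel image for version 2.6.20 on x86/x86_64
ii  linux-image-generic           2.6.20.15.27  Generic Linux kernel image
ii  linux-image-server            2.6.20.15.27  Linux kernel image on Server Equipment.
ii  linux-server                  2.6.20.15.27  Complete Linux kernel on Server Equipment.'

SERVER_ONLY_DPKG='ii  linux-image-2.6.20-15-server  2.6.20-15.27  Linux kernel image for version 2.6.20 on x86/x86_64
ii  linux-image-server            2.6.20.15.27  Linux kernel image on Server Equipment.
ii  linux-server                  2.6.20.15.27  Complete Linux kernel on Server Equipment.'

# server_kernel_packages DPKG_L_OUTPUT -> space-separated packages to remove, or exit 1
server_kernel_packages() {
    printf '%s\n' "$1" | awk '
        # "ii" = installed; a versioned generic image is the fallback kernel we need
        $1 == "ii" && $2 ~ /^linux-image-[0-9].*-generic$/ { generic = 1 }
        # the two meta packages and the versioned image of the server flavour
        $1 == "ii" && ($2 ~ /^linux-(image-)?server$/ || $2 ~ /^linux-image-[0-9].*-server$/) {
            pkgs = pkgs " " $2
        }
        END {
            if (!generic) { print "no generic kernel image installed, refusing" | "cat 1>&2"; exit 1 }
            sub(/^ /, "", pkgs)
            print pkgs
        }'
}

# Typical use in the rescue shell, after the generic kernel has been installed:
#   aptitude remove $(server_kernel_packages "$(dpkg -l)")
```

The guard is deliberately on the versioned image rather than the linux-generic meta package: the meta package can be installed while the image it depends on failed to unpack, and it is the image that grub needs.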

Assuming you didn’t run into any problems, type “exit” to return to the rescue menu. Choose the reboot option, then stop the virtual machine with the red stop button. Go back to Edit->Virtual Machine on the Parallels menu, select “Options” on the left, then the “Booting” tab on the right. Change the boot sequence back to “Hard Disk, CD-ROM, Floppy”.

Boot the Virtual Machine and it should get you to the login prompt. After you are logged in, install whatever software you would normally on your server setup.

A note, if you are using an actual cd instead of just having Parallels connect to an iso you downloaded to your mac, it may be necessary to choose Solaris 10 as your operating system for the initial install and “fix” phase. There have been reports of the cd emulation not working otherwise. Simply set your OS Type to Solaris, and the OS Version to Solaris 10 when you first configure the virtual machine. Use the process outlined as above, and once you are ready to boot the system, edit the virtual machine configuration again. Set your OS Type to Linux, and the OS Version to Ubuntu Linux.

01.05.07

Howto get xrdp working on Ubuntu 6.10 (server)

Posted in VMware, Ubuntu at 2:19 pm by Michael

I had some issues making xrdp work correctly in my standard Ubuntu Server install. I figured other people might have the same problems I did, so I’m writing this article to show you how to make this awesome software work in Ubuntu. I use the Ubuntu server install iso to install a linux server. It’s a good way to get a lightweight box that can handle VMware Server. I install fluxbox and xorg onto the server so that, if we have network issues, we can still run the VMware Server console from the local machine to make any changes we need.

The first step to making xrdp work is to be sure you have xorg and a window manager installed (I use fluxbox since it’s very light on resources). From the command line type:

sudo aptitude install xorg fluxbox fluxconf vnc4server

This will install xorg, fluxbox, and the vnc server that xrdp uses for its magic. Once those are all installed, you need to install the development tools and a few library files to compile xrdp. From the command line:

sudo aptitude install build-essential libpam0g-dev libssl-dev

That should take care of everything you need for compiling xrdp. I only actually do this step on one server, and then I just make a tarball of the final compiled program to distribute to the rest of the servers (that works as long as they run the same Ubuntu release with the same library versions as the build box). I don’t need a compiler and all that devel stuff on all the servers, just the one I use to compile. There are a couple of steps to making xrdp work correctly that I illustrate below.

Fix up the font directory. For some reason Xvnc is set to look for fonts in the wrong path, but this is easily fixed with this command:

sudo ln -s /usr/share/fonts/X11 /usr/share/X11/fonts

Also, because the newest Ubuntu uses dash rather than bash as /bin/sh, the scripts included with xrdp give me errors: they rely on bash features that dash doesn’t have. You have to edit the files with a text editor and set them to use bash instead of the default /bin/sh:

sudo nano /usr/local/xrdp/*.sh

In each file change the top line from:

#!/bin/sh

To:

#!/bin/bash

Save the first one and it should automagically open the second and third files you need to edit. Make the change in all the files and be sure to save them. Now there is one more change you need to make for things to work correctly. The startwm.sh script doesn’t have support for fluxbox in it. What I do is make a backup of the original file, then make a new file with just the commands I need for fluxbox, I couldn’t seem to get it working correctly until I did this. Commands:

cd /usr/local/xrdp
sudo mv startwm.sh startwm.sh.orig
sudo nano startwm.sh

Now make this file look like this:

#!/bin/bash
/usr/bin/startfluxbox
exit 0

That’s it, save the file and try starting xrdp:

sudo /usr/local/xrdp/xrdp_control.sh start

Once xrdp is started, try connecting with rdesktop or Remote Desktop Connection in Windows. You should be able to log in using your normal username and password and get an X desktop. Keep in mind that xrdp listens on TCP port 3389 on every interface and accepts your normal system password, so on anything but an isolated lab network put a firewall rule in front of it or limit it to the management network before you enable it at boot. As long as the login works, you can now link xrdp_control.sh into your /etc/init.d directory and start it like any other service:

sudo ln -s /usr/local/xrdp/xrdp_control.sh /etc/init.d/xrdp

And to have it start up at boot you want to create the links in the proper places:

sudo update-rc.d xrdp start 98 2 3 4 5 .

That should do it. xrdp should load on boot and start fluxbox for you.
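The shebang edits and the startwm.sh replacement are the parts you have to redo on every server that receives the tarball, and doing them in nano is easy to get subtly wrong (changing a second line, or clobbering a script that already says bash). The following is an added example, not code from the original post or from xrdp: two POSIX shell functions that make exactly the edits described above and nothing else. The directory and script names in the test are made up; on a real box the directory is /usr/local/xrdp as in the post.

```shell
#!/bin/sh
# Added example: the post-build edits from the post, scripted so they can be repeated on
# every server. fix_shebang only touches a first line that is exactly "#!/bin/sh", so a
# script that already declares bash (or has no shebang) is left alone. write_startwm keeps
# a one-time backup of the shipped startwm.sh and replaces it with the fluxbox launcher.

# fix_shebang SCRIPT
fix_shebang() {
    [ "$(sed -n '1p' "$1")" = '#!/bin/sh' ] || return 0     # nothing to do
    tmp=$(mktemp) || return 1
    { printf '#!/bin/bash\n'; sed '1d' "$1"; } > "$tmp" && cat "$tmp" > "$1"   # cat keeps mode/owner
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# write_startwm XRDP_DIR   (e.g. /usr/local/xrdp)
write_startwm() {
    dir=$1
    [ -e "$dir/startwm.sh.orig" ] || cp "$dir/startwm.sh" "$dir/startwm.sh.orig"
    printf '%s\n' '#!/bin/bash' '/usr/bin/startfluxbox' 'exit 0' > "$dir/startwm.sh"
    chmod 755 "$dir/startwm.sh"
}

# Typical use (as root, after unpacking the xrdp tarball), then the service hookup from the post:
#   for s in /usr/local/xrdp/*.sh; do fix_shebang "$s"; done
#   write_startwm /usr/local/xrdp
#   ln -s /usr/local/xrdp/xrdp_control.sh /etc/init.d/xrdp
#   update-rc.d xrdp start 98 2 3 4 5 .
```

Run fix_shebang over all the scripts before write_startwm so the .orig backup is a copy of the shipped file; the backup is only ever written once, so a second run of the helper never overwrites it with your own replacement.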